
CVE-2021-27513 PoC — EyesOfNetwork Code Issue Vulnerability

Source
Associated Vulnerability
Title: EyesOfNetwork Code Issue Vulnerability (CVE-2021-27513)
Description: The module admin_ITSM in EyesOfNetwork 5.3-10 allows remote authenticated users to upload arbitrary .xml.php files because it relies on "le filtre userside."
Readme
exploit-eyesofnetwork: versions 5.3.5 up to 5.3.10

```
CVE-2021-27513 / CVE-2021-27514

#The brute-forcing can take a very long time on a non-production environment because a "session_id" is created at every login (but every session_id generated by the app is valid)
#For the PoC I deployed an EyesOfNetwork solution and simulated daily use with 300 logins (on a production environment, I found 230 entries in the "sessions" table in 3 months)
#All session-ids are created with only 8 to 10 DIGITS, so that's easy on a production environment to break one of them...
#For testing usage, change the "sessid" in line 43 to an approximate value of a valid session_id (you find this in your cookie section or in the eonweb database - "sessions_id" table (login:eonweb password:root66 on every instance of eyesofnetwork))

#Note: You can not upload more than 1 file with the same name and the same URL; if the exploit fails, you have to edit the requests with another URL and filename (Original file name: shell2.xml.php, original URL: https://ImSo.Famous)
```
File Snapshot

[4.0K] /data/pocs/8087f474adb90d6cb47e9cc44ca99e7ed105700e
├── [6.5K] PoC-BruteForceID-arbitraty-file-upload-RCE-PrivEsc.py
└── [1.0K] README.md

0 directories, 2 files